Troubleshooting Tip: How to prove if the FortiManager custom certificate has errors
| Description | This article describes how to prove that the FortiManager custom certificate is error-free and that a vulnerability scan of the certificate does not reveal any errors. |
| Scope | FortiManager. |
| Solution | In this case, the custom certificate is already installed on FortiManager.
The certificate can be validated using the OpenSSL tool.
To perform the validation, execute the following command:
openssl s_client -connect custom_cert.mydomain.com:443 -servername custom_cert.mydomain.com -showcerts
In the following image, error messages error:num=20 and error:num=21 are shown, indicating that the certificate could not be verified.
The errors occurred due to the absence of a valid Certificate Authority (CA) for the certificate.
To resolve this, the corresponding CA was added. In the image, the CA appears with the name 'DigiCertCA_custom' along with the certificate labeled 'custom_certificate'.
Finally, run the same command again to verify the result:
openssl s_client -connect custom_cert.mydomain.com:443 -servername custom_cert.mydomain.com -showcerts
In this case, no further errors are displayed, and levels 1 and 2 appear correctly.
Related articles:
Technical Tip: How to test a custom certificate for the FortiManager management interface
Technical Tip: Import and configure the FortiGate admin GUI certificate via FortiManager |
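The before and after comparison described above can be scripted so that the result comes from an exit status instead of reading the output by eye. The following shell function is an added example, not part of the original article or of any Fortinet tooling; the helper name `check_sclient_output` and both sample outputs are constructed for illustration, and it relies only on the `verify error:num=` and `Verify return code:` lines that `openssl s_client` prints.

```shell
# Real use (s_client prints verify errors on stderr, hence 2>&1):
#   openssl s_client -connect custom_cert.mydomain.com:443 \
#     -servername custom_cert.mydomain.com -showcerts </dev/null 2>&1 | check_sclient_output
check_sclient_output() {   # hypothetical helper; returns 0 only for a clean chain
    awk '
        /verify error:num=/ {            # "verify error:num=20:unable to get ..."
            sub(/^.*verify error:num=/, "")
            split($0, part, ":")
            if (!(part[1] in seen)) {    # report each error number once
                seen[part[1]] = 1; errors++
                printf "ERROR %s: %s\n", part[1], part[2]
            }
        }
        /Verify return code:/ {          # "Verify return code: 21 (unable to ...)"
            final = $0
            sub(/^.*Verify return code: */, "", final)
            code = final + 0; have_final = 1   # leading number of the summary line
        }
        END {
            if (!have_final) { print "FINAL missing (no handshake summary)"; exit 2 }
            print "FINAL " final
            exit ((errors > 0 || code != 0) ? 1 : 0)
        }'
}
# Constructed sample: output shape while the issuing CA is missing (errors 20 and 21).
sample_missing_ca() { cat <<'EOF'
depth=0 CN = custom_cert.mydomain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = custom_cert.mydomain.com
verify error:num=21:unable to verify the first certificate
verify return:1
Verify return code: 21 (unable to verify the first certificate)
EOF
}
# Constructed sample: output shape once the CA has been added and the chain is complete.
sample_ok() { cat <<'EOF'
depth=2 CN = Example Root CA
verify return:1
depth=1 CN = Example Issuing CA
verify return:1
depth=0 CN = custom_cert.mydomain.com
verify return:1
Verify return code: 0 (ok)
EOF
}
sample_missing_ca | check_sclient_output || echo "-> chain not verified"
sample_ok | check_sclient_output && echo "-> chain verified"
```

Exit status 0 means the chain verified, 1 means at least one verify error or a non-zero return code, and 2 means no verification summary was found (for example, the connection failed).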



